Prepare your AWS account

• Your AWS account must have the IAM permissions needed to create roles and policies.

Does this refer to the person creating the role in the next topic? Or to AI Unlim, which might create the role each time a user deploys the engine? If it's the person, instead of saying "Your AWS account" could say "Make sure you have...

• Your AWS account must have the (IAM?) permissions needed to deploy a CloudFormation template.

Does this "account" = the user? Or might it be the corporate account that has many users? Could say "Make sure you have..."?

For both of those bullets, if they don't have the permissions, should we tell them to contact their admin?

Maybe we can combine the first 2 bullets.

• If you will need to closely manage the AI Unlimited (the engine's?) server instance (why might need want to?), after it launches you can connect to it within its host operating system (OS) (verify wording) two ways:

  • Generate a key pair to securely connect using Secure Shell (SSH).
  • Use AWS Session Manager to connect. To enable this, when you create the IAM role and policies, attach the session-manager.json policy to the IAM role.

• Choose a load balancer option:

  • Application Load Balancer (ALB)—at least two subnets across Availability Zones.
  • Network Load Balancer (NLB)—at least one subnet.
  • No load balancer.

• If you’re using load balancers, make sure you have permission to manage these AWS services:

  • AWS Certificate Manager—to issue a new certificate for the hosted zone ID in Route 53.
  • AWS Route 53—to configure a custom domain name and route DNS queries to your load balancer.